Every year the SANS Institute compiles a list of the top 20 Internet security attack targets and details vulnerabilities that certain pieces of software should be patched for. But how do you know if your computer is at risk? Norton won't help you here; you aren't dealing with viruses. SANS recommends using a vulnerability scanner. As you are probably already thinking, I will be reviewing an application called LANguard Network Security Scanner that is a vulnerability scanner and much more.
My first impression of LANguard gave me an immediate sense of who the intended user should be - a professional IT guy, paranoid Internet user or run of the mill network admin. In a nutshell, LANguard is very powerful, sophisticated software that the general web populace won't be able to get their head around. Heck, I've scratched my head a few times digging through LANguard and I once had aspirations of pursuing CompTIA Network+ certification.
However, that being said I am certain that LANguard is a useful tool in the right hands. Deploying a network scan is easy enough with the wizard.
I ran a basic vulnerability scan on my Parallels Windows XP installation and was impressed to see everything that LANguard came up with. In addition, for each of the 161 vulnerabilities it found I could click the expand icon and get a few lines detailing exactly what the vulnerability is. For example, below is a vulnerability LANguard found:
OVAL:462: FTP Server Command Injection Vulnerability Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
The main interface for LANguard.
As the name implies, LANguard excels at large-scale vulnerability scanning - such as on a corporate LAN. It has options for scanning a range of computers, a list of computers as well as a domain or workgroup. However, network security scanning isn't the only thing it can do. LANguard also integrates patch management and network auditing. Once you've identified vulnerabilities on a local or networked computer, patching it is as easy as right-clicking.
On the network auditing side of things, this snippet from the GFi site caught my attention:
GFI LANguard N.S.S.'s auditing function tells you all you need know about your network "“ what USB devices are connected, what software is installed, any open shares, open ports and weak passwords in use. The solution's in-depth reports gives you an important and real-time snapshot of your network's status.
I'm impressed that it can find out so much information - USB devices and weak passwords!
Other LANguard features include scheduled vulnerability scans, patch autodownloading and an easy-to-grok interface for essential network tools such as DNS lookup, traceroute, whois and snmp.
GFi LANguard version 8.0 was released only a few weeks ago and boasts the ability to scan entire networks for over 15,000 vulnerabilities. As I mentioned earlier, LANguard is definitely geared towards computer/network experts in charge of keeping a network of computers healthy. If you fall into that category, I see no reason why you shouldn't check out LANguard. Hopefully, you'll be able to get your company to pay for it. LANguard isn't cheap with introductory pricing of 575 for a 32 IP license.
Disclosure: I got paiiiiid for this review.